This repository has been archived by the owner on Nov 9, 2020. It is now read-only.

Filter for mac addresses of Amazon Technologies Inc. #4

Closed
michbeck100 opened this issue Sep 6, 2016 · 3 comments

@michbeck100
Owner

libpcap is supposed to have a filtering feature so that only requests for specific MAC address ranges are returned. Since this is performed on a low kernel level, the filtering should be more efficient than filtering in pimatic-dash-button.

@mwittig

mwittig commented Sep 6, 2016

Here is an example of such a filter: "arp && (eth.src[0:3] == 1C:5A:3E || eth.src[0:3] == BC:05:43)". The vendor ids used in this example are for Samsung and AVM. Just replace them with Amazon vendor ids and extend the expression as needed. You can easily test the expression with a libpcap-based sniffer like Wireshark (or tcpdump if you prefer a command line tool). See also https://www.wireshark.org

I guess you can simply pass in the filter where you create the session. https://github.com/michbeck100/pimatic-dash-button/blob/master/dash-button.coffee#L15

@mwittig

mwittig commented Sep 6, 2016

Sorry, I completely forgot about the fact that Wireshark uses its own filter syntax for display filters, which is not compatible with libpcap filters. So, the filter syntax needs to be along the lines of the Stack Overflow article you mentioned in the forum post: http://stackoverflow.com/questions/13086766/how-to-filter-mac-addresses-using-tcpdump. The filter would be something like "arp and ((ether[6:2] == 0x7475 and ether[8:1] == 0x48) or (ether[6:2] == 0xF0D2 and ether[8:1] == 0xF1))". You can trial it with tcpdump, like sudo tcpdump "arp and (( ..." or with Wireshark by setting a capture filter.
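
The libpcap filter quoted in the comment above can be generated from a list of vendor prefixes instead of being typed by hand. This is an added example, not code from the issue or from pimatic-dash-button; the function names are hypothetical, the two prefixes are the ones in the quoted filter, and the sample frames are constructed.

```javascript
// Added example: build a libpcap capture filter from vendor prefixes (OUIs).
// These two prefixes are the ones used in the filter quoted in the comment above.
const OUIS = ['74:75:48', 'F0:D2:F1'];

// Parse "74:75:48", "74-75-48" or "747548" into three bytes; reject anything else
// so that malformed input never ends up inside the filter string.
function parseOui(text) {
  const hex = text.replace(/[:\-.]/g, '');
  if (!/^[0-9a-fA-F]{6}$/.test(hex)) throw new Error(`invalid OUI: ${text}`);
  return [0, 2, 4].map(i => parseInt(hex.slice(i, i + 2), 16));
}

const hex2 = b => b.toString(16).padStart(2, '0').toUpperCase();

// Bytes 0-5 of an Ethernet frame hold the destination MAC and bytes 6-11 the
// source MAC, so ether[6:2] plus ether[8:1] is the vendor prefix of the sender.
function buildArpFilter(ouis) {
  if (ouis.length === 0) throw new Error('at least one OUI is required');
  const clauses = ouis.map(parseOui).map(([a, b, c]) =>
    `(ether[6:2] == 0x${hex2(a)}${hex2(b)} and ether[8:1] == 0x${hex2(c)})`);
  return `arp and (${clauses.join(' or ')})`;
}

// The same test in plain JavaScript, useful for checking the offsets against a
// captured frame. Covers untagged Ethernet only (EtherType at bytes 12-13).
function frameMatches(frame, ouis) {
  if (frame.length < 14) return false;
  const isArp = frame.readUInt16BE(12) === 0x0806;
  return isArp && ouis.map(parseOui).some(o => o.every((b, i) => frame[6 + i] === b));
}

// Constructed sample: a broadcast Ethernet header with the given source MAC.
function sampleFrame(srcMac, etherType) {
  const frame = Buffer.alloc(14);
  frame.fill(0xff, 0, 6);
  Buffer.from(srcMac.replace(/:/g, ''), 'hex').copy(frame, 6);
  frame.writeUInt16BE(etherType, 12);
  return frame;
}

console.log(buildArpFilter(OUIS));
console.log(frameMatches(sampleFrame('74:75:48:aa:bb:cc', 0x0806), OUIS));
```

The printed string can be tried with tcpdump or as a Wireshark capture filter, as the comment suggests.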

@michbeck100
Owner Author

Should be fixed with the next release
